1. 10 Oct, 2019 2 commits
    • Christian Brauner's avatar
      seccomp: add SECCOMP_USER_NOTIF_FLAG_CONTINUE · fb3c5386
      Christian Brauner authored
      This allows the seccomp notifier to continue a syscall. A positive
      discussion about this feature was triggered by a post to the
      ksummit-discuss mailing list (cf. [3]) and took place during KSummit
      (cf. [1]) and again at the containers/checkpoint-restore
      micro-conference at Linux Plumbers.
      
      Recently we landed seccomp support for SECCOMP_RET_USER_NOTIF (cf. [4])
      which enables a process (watchee) to retrieve an fd for its seccomp
      filter. This fd can then be handed to another (usually more privileged)
      process (watcher). The watcher will then be able to receive seccomp
      messages about the syscalls having been performed by the watchee.
      
      This feature is heavily used in some userspace workloads. For example,
      it is currently used to intercept mknod() syscalls in user namespaces
      aka in containers.
      The mknod() syscall can be easily filtered based on dev_t. This allows
      us to only intercept a very specific subset of mknod() syscalls.
      Furthermore, mknod() is not possible in user namespaces toto coelo and
      so intercepting and denying syscalls that are not in the whitelist on
      accident is not a big deal. The watchee won't notice a difference.
      
      In contrast to mknod(), a lot of other syscall we intercept (e.g.
      setxattr()) cannot be easily filtered like mknod() because they have
      pointer arguments. Additionally, some of them might actually succeed in
      user namespaces (e.g. setxattr() for all "user.*" xattrs). Since we
      currently cannot tell seccomp to continue from a user notifier we are
      stuck with performing all of the syscalls in lieu of the container. This
      is a huge security liability since it is extremely difficult to
      correctly assume all of the necessary privileges of the calling task
      such that the syscall can be successfully emulated without escaping
      other additional security restrictions (think missing CAP_MKNOD for
      mknod(), or MS_NODEV on a filesystem etc.). This can be solved by
      telling seccomp to resume the syscall.
      
      One thing that came up in the discussion was the problem that another
      thread could change the memory after userspace has decided to let the
      syscall continue which is a well known TOCTOU with seccomp which is
      present in other ways already.
      The discussion showed that this feature is already very useful for any
      syscall without pointer arguments. For any accidentally intercepted
      non-pointer syscall it is safe to continue.
      For syscalls with pointer arguments there is a race but for any cautious
      userspace and the main usec cases the race doesn't matter. The notifier
      is intended to be used in a scenario where a more privileged watcher
      supervises the syscalls of lesser privileged watchee to allow it to get
      around kernel-enforced limitations by performing the syscall for it
      whenever deemed save by the watcher. Hence, if a user tricks the watcher
      into allowing a syscall they will either get a deny based on
      kernel-enforced restrictions later or they will have changed the
      arguments in such a way that they manage to perform a syscall with
      arguments that they would've been allowed to do anyway.
      In general, it is good to point out again, that the notifier fd was not
      intended to allow userspace to implement a security policy but rather to
      work around kernel security mechanisms in cases where the watcher knows
      that a given action is safe to perform.
      
      /* References */
      [1]: https://linuxplumbersconf.org/event/4/contributions/560
      [2]: https://linuxplumbersconf.org/event/4/contributions/477
      [3]: https://lore.kernel.org/r/20190719093538.dhyopljyr5ns33qx@brauner.io
      [4]: commit 6a21cc50 ("seccomp: add a return code to trap to userspace")
      Co-developed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
      Reviewed-by: default avatarTycho Andersen <tycho@tycho.ws>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Will Drewry <wad@chromium.org>
      CC: Tyler Hicks <tyhicks@canonical.com>
      Link: https://lore.kernel.org/r/20190920083007.11475-2-christian.brauner@ubuntu.comSigned-off-by: default avatarKees Cook <keescook@chromium.org>
      fb3c5386
    • Christian Brauner's avatar
      seccomp: avoid overflow in implicit constant conversion · 223e660b
      Christian Brauner authored
      USER_NOTIF_MAGIC is assigned to int variables in this test so set it to INT_MAX
      to avoid warnings:
      
      seccomp_bpf.c: In function ‘user_notification_continue’:
      seccomp_bpf.c:3088:26: warning: overflow in implicit constant conversion [-Woverflow]
       #define USER_NOTIF_MAGIC 116983961184613L
                                ^
      seccomp_bpf.c:3572:15: note: in expansion of macro ‘USER_NOTIF_MAGIC’
        resp.error = USER_NOTIF_MAGIC;
                     ^~~~~~~~~~~~~~~~
      
      Fixes: 6a21cc50 ("seccomp: add a return code to trap to userspace")
      Signed-off-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
      Reviewed-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Will Drewry <wad@chromium.org>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Martin KaFai Lau <kafai@fb.com>
      Cc: Song Liu <songliubraving@fb.com>
      Cc: Yonghong Song <yhs@fb.com>
      Cc: Tycho Andersen <tycho@tycho.ws>
      Cc: stable@vger.kernel.org
      Cc: linux-kselftest@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Cc: bpf@vger.kernel.org
      Reviewed-by: default avatarTycho Andersen <tycho@tycho.ws>
      Link: https://lore.kernel.org/r/20190920083007.11475-3-christian.brauner@ubuntu.comSigned-off-by: default avatarKees Cook <keescook@chromium.org>
      223e660b
  2. 06 Oct, 2019 4 commits
    • Linus Torvalds's avatar
      Linux 5.4-rc2 · da0c9ea1
      Linus Torvalds authored
      da0c9ea1
    • Linus Torvalds's avatar
      elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings · b212921b
      Linus Torvalds authored
      In commit 4ed28639 ("fs, elf: drop MAP_FIXED usage from elf_map") we
      changed elf to use MAP_FIXED_NOREPLACE instead of MAP_FIXED for the
      executable mappings.
      
      Then, people reported that it broke some binaries that had overlapping
      segments from the same file, and commit ad55eac7 ("elf: enforce
      MAP_FIXED on overlaying elf segments") re-instated MAP_FIXED for some
      overlaying elf segment cases.  But only some - despite the summary line
      of that commit, it only did it when it also does a temporary brk vma for
      one obvious overlapping case.
      
      Now Russell King reports another overlapping case with old 32-bit x86
      binaries, which doesn't trigger that limited case.  End result: we had
      better just drop MAP_FIXED_NOREPLACE entirely, and go back to MAP_FIXED.
      
      Yes, it's a sign of old binaries generated with old tool-chains, but we
      do pride ourselves on not breaking existing setups.
      
      This still leaves MAP_FIXED_NOREPLACE in place for the load_elf_interp()
      and the old load_elf_library() use-cases, because nobody has reported
      breakage for those. Yet.
      
      Note that in all the cases seen so far, the overlapping elf sections
      seem to be just re-mapping of the same executable with different section
      attributes.  We could possibly introduce a new MAP_FIXED_NOFILECHANGE
      flag or similar, which acts like NOREPLACE, but allows just remapping
      the same executable file using different protection flags.
      
      It's not clear that would make a huge difference to anything, but if
      people really hate that "elf remaps over previous maps" behavior, maybe
      at least a more limited form of remapping would alleviate some concerns.
      
      Alternatively, we should take a look at our elf_map() logic to see if we
      end up not mapping things properly the first time.
      
      In the meantime, this is the minimal "don't do that then" patch while
      people hopefully think about it more.
      Reported-by: default avatarRussell King <linux@armlinux.org.uk>
      Fixes: 4ed28639 ("fs, elf: drop MAP_FIXED usage from elf_map")
      Fixes: ad55eac7 ("elf: enforce  MAP_FIXED on overlaying elf segments")
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b212921b
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.4-1' of git://git.infradead.org/users/hch/dma-mapping · 7cdb85df
      Linus Torvalds authored
      Pull dma-mapping regression fix from Christoph Hellwig:
       "Revert an incorret hunk from a patch that caused problems on various
        arm boards (Andrey Smirnov)"
      
      * tag 'dma-mapping-5.4-1' of git://git.infradead.org/users/hch/dma-mapping:
        dma-mapping: fix false positive warnings in dma_common_free_remap()
      7cdb85df
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 43b815c6
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "A few fixes this time around:
      
         - Fixup of some clock specifications for DRA7 (device-tree fix)
      
         - Removal of some dead/legacy CPU OPP/PM code for OMAP that throws
           warnings at boot
      
         - A few more minor fixups for OMAPs, most around display
      
         - Enable STM32 QSPI as =y since their rootfs sometimes comes from
           there
      
         - Switch CONFIG_REMOTEPROC to =y since it went from tristate to bool
      
         - Fix of thermal zone definition for ux500 (5.4 regression)"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: multi_v7_defconfig: Fix SPI_STM32_QSPI support
        ARM: dts: ux500: Fix up the CPU thermal zone
        arm64/ARM: configs: Change CONFIG_REMOTEPROC from m to y
        ARM: dts: am4372: Set memory bandwidth limit for DISPC
        ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
        ARM: OMAP2+: Add missing LCDC midlemode for am335x
        ARM: OMAP2+: Fix missing reset done flag for am3 and am43
        ARM: dts: Fix gpio0 flags for am335x-icev2
        ARM: omap2plus_defconfig: Enable more droid4 devices as loadable modules
        ARM: omap2plus_defconfig: Enable DRM_TI_TFP410
        DTS: ARM: gta04: introduce legacy spi-cs-high to make display work again
        ARM: dts: Fix wrong clocks for dra7 mcasp
        clk: ti: dra7: Fix mcasp8 clock bits
      43b815c6
  3. 05 Oct, 2019 32 commits
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v5.4' of... · 2d00aee2
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - remove unneeded ar-option and KBUILD_ARFLAGS
      
       - remove long-deprecated SUBDIRS
      
       - fix modpost to suppress false-positive warnings for UML builds
      
       - fix namespace.pl to handle relative paths to ${objtree}, ${srctree}
      
       - make setlocalversion work for /bin/sh
      
       - make header archive reproducible
      
       - fix some Makefiles and documents
      
      * tag 'kbuild-fixes-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kheaders: make headers archive reproducible
        kbuild: update compile-test header list for v5.4-rc2
        kbuild: two minor updates for Documentation/kbuild/modules.rst
        scripts/setlocalversion: clear local variable to make it work for sh
        namespace: fix namespace.pl script to support relative paths
        video/logo: do not generate unneeded logo C files
        video/logo: remove unneeded *.o pattern from clean-files
        integrity: remove pointless subdir-$(CONFIG_...)
        integrity: remove unneeded, broken attempt to add -fshort-wchar
        modpost: fix static EXPORT_SYMBOL warnings for UML build
        kbuild: correct formatting of header in kbuild module docs
        kbuild: remove SUBDIRS support
        kbuild: remove ar-option and KBUILD_ARFLAGS
      2d00aee2
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 126195c9
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Twelve patches mostly small but obvious fixes or cosmetic but small
        updates"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: qla2xxx: Fix Nport ID display value
        scsi: qla2xxx: Fix N2N link up fail
        scsi: qla2xxx: Fix N2N link reset
        scsi: qla2xxx: Optimize NPIV tear down process
        scsi: qla2xxx: Fix stale mem access on driver unload
        scsi: qla2xxx: Fix unbound sleep in fcport delete path.
        scsi: qla2xxx: Silence fwdump template message
        scsi: hisi_sas: Make three functions static
        scsi: megaraid: disable device when probe failed after enabled device
        scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue
        scsi: qedf: Remove always false 'tmp_prio < 0' statement
        scsi: ufs: skip shutdown if hba is not powered
        scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF
      126195c9
    • Linus Torvalds's avatar
      Merge branch 'readdir' (readdir speedup and sanity checking) · 4f11918a
      Linus Torvalds authored
      This makes getdents() and getdents64() do sanity checking on the
      pathname that it gives to user space.  And to mitigate the performance
      impact of that, it first cleans up the way it does the user copying, so
      that the code avoids doing the SMAP/PAN updates between each part of the
      dirent structure write.
      
      I really wanted to do this during the merge window, but didn't have
      time.  The conversion of filldir to unsafe_put_user() is something I've
      had around for years now in a private branch, but the extra pathname
      checking finally made me clean it up to the point where it is mergable.
      
      It's worth noting that the filename validity checking really should be a
      bit smarter: it would be much better to delay the error reporting until
      the end of the readdir, so that non-corrupted filenames are still
      returned.  But that involves bigger changes, so let's see if anybody
      actually hits the corrupt directory entry case before worrying about it
      further.
      
      * branch 'readdir':
        Make filldir[64]() verify the directory entry filename is valid
        Convert filldir[64]() from __put_user() to unsafe_put_user()
      4f11918a
    • Linus Torvalds's avatar
      Make filldir[64]() verify the directory entry filename is valid · 8a23eb80
      Linus Torvalds authored
      This has been discussed several times, and now filesystem people are
      talking about doing it individually at the filesystem layer, so head
      that off at the pass and just do it in getdents{64}().
      
      This is partially based on a patch by Jann Horn, but checks for NUL
      bytes as well, and somewhat simplified.
      
      There's also commentary about how it might be better if invalid names
      due to filesystem corruption don't cause an immediate failure, but only
      an error at the end of the readdir(), so that people can still see the
      filenames that are ok.
      
      There's also been discussion about just how much POSIX strictly speaking
      requires this since it's about filesystem corruption.  It's really more
      "protect user space from bad behavior" as pointed out by Jann.  But
      since Eric Biederman looked up the POSIX wording, here it is for context:
      
       "From readdir:
      
         The readdir() function shall return a pointer to a structure
         representing the directory entry at the current position in the
         directory stream specified by the argument dirp, and position the
         directory stream at the next entry. It shall return a null pointer
         upon reaching the end of the directory stream. The structure dirent
         defined in the <dirent.h> header describes a directory entry.
      
        From definitions:
      
         3.129 Directory Entry (or Link)
      
         An object that associates a filename with a file. Several directory
         entries can associate names with the same file.
      
        ...
      
         3.169 Filename
      
         A name consisting of 1 to {NAME_MAX} bytes used to name a file. The
         characters composing the name may be selected from the set of all
         character values excluding the slash character and the null byte. The
         filenames dot and dot-dot have special meaning. A filename is
         sometimes referred to as a 'pathname component'."
      
      Note that I didn't bother adding the checks to any legacy interfaces
      that nobody uses.
      
      Also note that if this ends up being noticeable as a performance
      regression, we can fix that to do a much more optimized model that
      checks for both NUL and '/' at the same time one word at a time.
      
      We haven't really tended to optimize 'memchr()', and it only checks for
      one pattern at a time anyway, and we really _should_ check for NUL too
      (but see the comment about "soft errors" in the code about why it
      currently only checks for '/')
      
      See the CONFIG_DCACHE_WORD_ACCESS case of hash_name() for how the name
      lookup code looks for pathname terminating characters in parallel.
      
      Link: https://lore.kernel.org/lkml/20190118161440.220134-2-jannh@google.com/
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Jann Horn <jannh@google.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8a23eb80
    • Linus Torvalds's avatar
      Convert filldir[64]() from __put_user() to unsafe_put_user() · 9f79b78e
      Linus Torvalds authored
      We really should avoid the "__{get,put}_user()" functions entirely,
      because they can easily be mis-used and the original intent of being
      used for simple direct user accesses no longer holds in a post-SMAP/PAN
      world.
      
      Manually optimizing away the user access range check makes no sense any
      more, when the range check is generally much cheaper than the "enable
      user accesses" code that the __{get,put}_user() functions still need.
      
      So instead of __put_user(), use the unsafe_put_user() interface with
      user_access_{begin,end}() that really does generate better code these
      days, and which is generally a nicer interface.  Under some loads, the
      multiple user writes that filldir() does are actually quite noticeable.
      
      This also makes the dirent name copy use unsafe_put_user() with a couple
      of macros.  We do not want to make function calls with SMAP/PAN
      disabled, and the code this generates is quite good when the
      architecture uses "asm goto" for unsafe_put_user() like x86 does.
      
      Note that this doesn't bother with the legacy cases.  Nobody should use
      them anyway, so performance doesn't really matter there.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9f79b78e
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 9819a30c
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix ieeeu02154 atusb driver use-after-free, from Johan Hovold.
      
       2) Need to validate TCA_CBQ_WRROPT netlink attributes, from Eric
          Dumazet.
      
       3) txq null deref in mac80211, from Miaoqing Pan.
      
       4) ionic driver needs to select NET_DEVLINK, from Arnd Bergmann.
      
       5) Need to disable bh during nft_connlimit GC, from Pablo Neira Ayuso.
      
       6) Avoid division by zero in taprio scheduler, from Vladimir Oltean.
      
       7) Various xgmac fixes in stmmac driver from Jose Abreu.
      
       8) Avoid 64-bit division in mlx5 leading to link errors on 32-bit from
          Michal Kubecek.
      
       9) Fix bad VLAN check in rtl8366 DSA driver, from Linus Walleij.
      
      10) Fix sleep while atomic in sja1105, from Vladimir Oltean.
      
      11) Suspend/resume deadlock in stmmac, from Thierry Reding.
      
      12) Various UDP GSO fixes from Josh Hunt.
      
      13) Fix slab out of bounds access in tcp_zerocopy_receive(), from Eric
          Dumazet.
      
      14) Fix OOPS in __ipv6_ifa_notify(), from David Ahern.
      
      15) Memory leak in NFC's llcp_sock_bind, from Eric Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (72 commits)
        selftests/net: add nettest to .gitignore
        net: qlogic: Fix memory leak in ql_alloc_large_buffers
        nfc: fix memory leak in llcp_sock_bind()
        sch_dsmark: fix potential NULL deref in dsmark_init()
        net: phy: at803x: use operating parameters from PHY-specific status
        net: phy: extract pause mode
        net: phy: extract link partner advertisement reading
        net: phy: fix write to mii-ctrl1000 register
        ipv6: Handle missing host route in __ipv6_ifa_notify
        net: phy: allow for reset line to be tied to a sleepy GPIO controller
        net: ipv4: avoid mixed n_redirects and rate_tokens usage
        r8152: Set macpassthru in reset_resume callback
        cxgb4:Fix out-of-bounds MSI-X info array access
        Revert "ipv6: Handle race in addrconf_dad_work"
        net: make sock_prot_memory_pressure() return "const char *"
        rxrpc: Fix rxrpc_recvmsg tracepoint
        qmi_wwan: add support for Cinterion CLS8 devices
        tcp: fix slab-out-of-bounds in tcp_zerocopy_receive()
        lib: textsearch: fix escapes in example code
        udp: only do GSO if # of segs > 1
        ...
      9819a30c
    • Linus Torvalds's avatar
      Merge tag 's390-5.4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 6fe137cb
      Linus Torvalds authored
      Pull s390 fixes from Vasily Gorbik:
      
       - defconfig updates
      
       - Fix build errors with CC_OPTIMIZE_FOR_SIZE due to usage of "i"
         constraint for function arguments. Two kvm changes acked-by Christian
         Borntraeger.
      
       - Fix -Wunused-but-set-variable warnings in mm code.
      
       - Avoid a constant misuse in qdio.
      
       - Handle a case when cpumf is temporarily unavailable.
      
      * tag 's390-5.4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        KVM: s390: mark __insn32_query() as __always_inline
        KVM: s390: fix __insn32_query() inline assembly
        s390: update defconfigs
        s390/pci: mark function(s) __always_inline
        s390/mm: mark function(s) __always_inline
        s390/jump_label: mark function(s) __always_inline
        s390/cpu_mf: mark function(s) __always_inline
        s390/atomic,bitops: mark function(s) __always_inline
        s390/mm: fix -Wunused-but-set-variable warnings
        s390: mark __cpacf_query() as __always_inline
        s390/qdio: clarify size of the QIB parm area
        s390/cpumf: Fix indentation in sampling device driver
        s390/cpumsf: Check for CPU Measurement sampling
        s390/cpumf: Use consistant debug print format
      6fe137cb
    • Heiko Carstens's avatar
      KVM: s390: mark __insn32_query() as __always_inline · d0dea733
      Heiko Carstens authored
      __insn32_query() will not compile if the compiler decides to not
      inline it, since it contains an inline assembly with an "i" constraint
      with variable contents.
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      d0dea733
    • Heiko Carstens's avatar
      KVM: s390: fix __insn32_query() inline assembly · b1c41ac3
      Heiko Carstens authored
      The inline assembly constraints of __insn32_query() tell the compiler
      that only the first byte of "query" is being written to. Intended was
      probably that 32 bytes are written to.
      
      Fix and simplify the code and just use a "memory" clobber.
      
      Fixes: d6681397 ("KVM: s390: provide query function for instructions returning 32 byte")
      Cc: stable@vger.kernel.org # v5.2+
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
      b1c41ac3
    • Andrey Smirnov's avatar
      dma-mapping: fix false positivse warnings in dma_common_free_remap() · 2cf2aa6a
      Andrey Smirnov authored
      Commit 5cf45379 ("dma-mapping: introduce a dma_common_find_pages
      helper") changed invalid input check in dma_common_free_remap() from:
      
          if (!area || !area->flags != VM_DMA_COHERENT)
      
      to
      
          if (!area || !area->flags != VM_DMA_COHERENT || !area->pages)
      
      which seem to produce false positives for memory obtained via
      dma_common_contiguous_remap()
      
      This triggers the following warning message when doing "reboot" on ZII
      VF610 Dev Board Rev B:
      
      WARNING: CPU: 0 PID: 1 at kernel/dma/remap.c:112 dma_common_free_remap+0x88/0x8c
      trying to free invalid coherent area: 9ef82980
      Modules linked in:
      CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.3.0-rc6-next-20190820 #119
      Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree)
      Backtrace:
      [<8010d1ec>] (dump_backtrace) from [<8010d588>] (show_stack+0x20/0x24)
       r7:8015ed78 r6:00000009 r5:00000000 r4:9f4d9b14
      [<8010d568>] (show_stack) from [<8077e3f0>] (dump_stack+0x24/0x28)
      [<8077e3cc>] (dump_stack) from [<801197a0>] (__warn.part.3+0xcc/0xe4)
      [<801196d4>] (__warn.part.3) from [<80119830>] (warn_slowpath_fmt+0x78/0x94)
       r6:00000070 r5:808e540c r4:81c03048
      [<801197bc>] (warn_slowpath_fmt) from [<8015ed78>] (dma_common_free_remap+0x88/0x8c)
       r3:9ef82980 r2:808e53e0
       r7:00001000 r6:a0b1e000 r5:a0b1e000 r4:00001000
      [<8015ecf0>] (dma_common_free_remap) from [<8010fa9c>] (remap_allocator_free+0x60/0x68)
       r5:81c03048 r4:9f4d9b78
      [<8010fa3c>] (remap_allocator_free) from [<801100d0>] (__arm_dma_free.constprop.3+0xf8/0x148)
       r5:81c03048 r4:9ef82900
      [<8010ffd8>] (__arm_dma_free.constprop.3) from [<80110144>] (arm_dma_free+0x24/0x2c)
       r5:9f563410 r4:80110120
      [<80110120>] (arm_dma_free) from [<8015d80c>] (dma_free_attrs+0xa0/0xdc)
      [<8015d76c>] (dma_free_attrs) from [<8020f3e4>] (dma_pool_destroy+0xc0/0x154)
       r8:9efa8860 r7:808f02f0 r6:808f02d0 r5:9ef82880 r4:9ef82780
      [<8020f324>] (dma_pool_destroy) from [<805525d0>] (ehci_mem_cleanup+0x6c/0x150)
       r7:9f563410 r6:9efa8810 r5:00000000 r4:9efd0148
      [<80552564>] (ehci_mem_cleanup) from [<80558e0c>] (ehci_stop+0xac/0xc0)
       r5:9efd0148 r4:9efd0000
      [<80558d60>] (ehci_stop) from [<8053c4bc>] (usb_remove_hcd+0xf4/0x1b0)
       r7:9f563410 r6:9efd0074 r5:81c03048 r4:9efd0000
      [<8053c3c8>] (usb_remove_hcd) from [<8056361c>] (host_stop+0x48/0xb8)
       r7:9f563410 r6:9efd0000 r5:9f5f4040 r4:9f5f5040
      [<805635d4>] (host_stop) from [<80563d0c>] (ci_hdrc_host_destroy+0x34/0x38)
       r7:9f563410 r6:9f5f5040 r5:9efa8800 r4:9f5f4040
      [<80563cd8>] (ci_hdrc_host_destroy) from [<8055ef18>] (ci_hdrc_remove+0x50/0x10c)
      [<8055eec8>] (ci_hdrc_remove) from [<804a2ed8>] (platform_drv_remove+0x34/0x4c)
       r7:9f563410 r6:81c4f99c r5:9efa8810 r4:9efa8810
      [<804a2ea4>] (platform_drv_remove) from [<804a18a8>] (device_release_driver_internal+0xec/0x19c)
       r5:00000000 r4:9efa8810
      [<804a17bc>] (device_release_driver_internal) from [<804a1978>] (device_release_driver+0x20/0x24)
       r7:9f563410 r6:81c41ed0 r5:9efa8810 r4:9f4a1dac
      [<804a1958>] (device_release_driver) from [<804a01b8>] (bus_remove_device+0xdc/0x108)
      [<804a00dc>] (bus_remove_device) from [<8049c204>] (device_del+0x150/0x36c)
       r7:9f563410 r6:81c03048 r5:9efa8854 r4:9efa8810
      [<8049c0b4>] (device_del) from [<804a3368>] (platform_device_del.part.2+0x20/0x84)
       r10:9f563414 r9:809177e0 r8:81cb07dc r7:81c78320 r6:9f563454 r5:9efa8800
       r4:9efa8800
      [<804a3348>] (platform_device_del.part.2) from [<804a3420>] (platform_device_unregister+0x28/0x34)
       r5:9f563400 r4:9efa8800
      [<804a33f8>] (platform_device_unregister) from [<8055dce0>] (ci_hdrc_remove_device+0x1c/0x30)
       r5:9f563400 r4:00000001
      [<8055dcc4>] (ci_hdrc_remove_device) from [<805652ac>] (ci_hdrc_imx_remove+0x38/0x118)
       r7:81c78320 r6:9f563454 r5:9f563410 r4:9f541010
      [<8056538c>] (ci_hdrc_imx_shutdown) from [<804a2970>] (platform_drv_shutdown+0x2c/0x30)
      [<804a2944>] (platform_drv_shutdown) from [<8049e4fc>] (device_shutdown+0x158/0x1f0)
      [<8049e3a4>] (device_shutdown) from [<8013ac80>] (kernel_restart_prepare+0x44/0x48)
       r10:00000058 r9:9f4d8000 r8:fee1dead r7:379ce700 r6:81c0b280 r5:81c03048
       r4:00000000
      [<8013ac3c>] (kernel_restart_prepare) from [<8013ad14>] (kernel_restart+0x1c/0x60)
      [<8013acf8>] (kernel_restart) from [<8013af84>] (__do_sys_reboot+0xe0/0x1d8)
       r5:81c03048 r4:00000000
      [<8013aea4>] (__do_sys_reboot) from [<8013b0ec>] (sys_reboot+0x18/0x1c)
       r8:80101204 r7:00000058 r6:00000000 r5:00000000 r4:00000000
      [<8013b0d4>] (sys_reboot) from [<80101000>] (ret_fast_syscall+0x0/0x54)
      Exception stack(0x9f4d9fa8 to 0x9f4d9ff0)
      9fa0:                   00000000 00000000 fee1dead 28121969 01234567 379ce700
      9fc0: 00000000 00000000 00000000 00000058 00000000 00000000 00000000 00016d04
      9fe0: 00028e0c 7ec87c64 000135ec 76c1f410
      
      Restore original invalid input check in dma_common_free_remap() to
      avoid this problem.
      
      Fixes: 5cf45379 ("dma-mapping: introduce a dma_common_find_pages helper")
      Signed-off-by: default avatarAndrey Smirnov <andrew.smirnov@gmail.com>
      [hch: just revert the offending hunk instead of creating a new helper]
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      2cf2aa6a
    • Dmitry Goldin's avatar
      kheaders: make headers archive reproducible · 86cdd2fd
      Dmitry Goldin authored
      In commit 43d8ce9d ("Provide in-kernel headers to make
      extending kernel easier") a new mechanism was introduced, for kernels
      >=5.2, which embeds the kernel headers in the kernel image or a module
      and exposes them in procfs for use by userland tools.
      
      The archive containing the header files has nondeterminism caused by
      header files metadata. This patch normalizes the metadata and utilizes
      KBUILD_BUILD_TIMESTAMP if provided and otherwise falls back to the
      default behaviour.
      
      In commit f7b101d3 ("kheaders: Move from proc to sysfs") it was
      modified to use sysfs and the script for generation of the archive was
      renamed to what is being patched.
      Signed-off-by: default avatarDmitry Goldin <dgoldin+lkml@protonmail.ch>
      Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Reviewed-by: default avatarJoel Fernandes (Google) <joel@joelfernandes.org>
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      86cdd2fd
    • Masahiro Yamada's avatar
      kbuild: update compile-test header list for v5.4-rc2 · d188b8c9
      Masahiro Yamada authored
      Commit 6dc280eb ("coda: remove uapi/linux/coda_psdev.h") removed
      a header in question. Some more build errors were fixed. Add more
      headers into the test coverage.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      d188b8c9
    • Masahiro Yamada's avatar
      kbuild: two minor updates for Documentation/kbuild/modules.rst · 43496709
      Masahiro Yamada authored
      Capitalize the first word in the sentence.
      
      Use obj-m instead of obj-y. obj-y still works, but we have no built-in
      objects in external module builds. So, obj-m is better IMHO.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      43496709
    • Masahiro Yamada's avatar
      scripts/setlocalversion: clear local variable to make it work for sh · 7a82e3fa
      Masahiro Yamada authored
      Geert Uytterhoeven reports a strange side-effect of commit 858805b3
      ("kbuild: add $(BASH) to run scripts with bash-extension"), which
      inserts the contents of a localversion file in the build directory twice.
      
      [Steps to Reproduce]
        $ echo bar > localversion
        $ mkdir build
        $ cd build/
        $ echo foo > localversion
        $ make -s -f ../Makefile defconfig include/config/kernel.release
        $ cat include/config/kernel.release
        5.4.0-rc1foofoobar
      
      This comes down to the behavior change of local variables.
      
      The 'man sh' on my Ubuntu machine, where sh is an alias to dash,
      explains as follows:
        When a variable is made local, it inherits the initial value and
        exported and readonly flags from the variable with the same name
        in the surrounding scope, if there is one. Otherwise, the variable
        is initially unset.
      
      [Test Code]
      
        foo ()
        {
                local res
                echo "res: $res"
        }
      
        res=1
        foo
      
      [Result]
      
        $ sh test.sh
        res: 1
        $ bash test.sh
        res:
      
      So, scripts/setlocalversion correctly works only for bash in spite of
      its hashbang being #!/bin/sh. Nobody had noticed it before because
      CONFIG_SHELL was previously set to bash almost all the time.
      
      Now that CONFIG_SHELL is set to sh, we must write portable and correct
      code. I gave the Fixes tag to the commit that uncovered the issue.
      
      Clear the variable 'res' in collect_files() to make it work for sh
      (and it also works on distributions where sh is an alias to bash).
      
      Fixes: 858805b3 ("kbuild: add $(BASH) to run scripts with bash-extension")
      Reported-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      Tested-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
      7a82e3fa
    • Jacob Keller's avatar
      namespace: fix namespace.pl script to support relative paths · 82fdd12b
      Jacob Keller authored
      The namespace.pl script does not work properly if objtree is not set to
      an absolute path. The do_nm function is run from within the find
      function, which changes directories.
      
      Because of this, appending objtree, $File::Find::dir, and $source, will
      return a path which is not valid from the current directory.
      
      This used to work when objtree was set to an absolute path when using
      "make namespacecheck". It appears to have not worked when calling
      ./scripts/namespace.pl directly.
      
      This behavior was changed in 7e1c0477 ("kbuild: Use relative path
      for $(objtree)", 2014-05-14)
      
      Rather than fixing the Makefile to set objtree to an absolute path, just
      fix namespace.pl to work when srctree and objtree are relative. Also fix
      the script to use an absolute path for these by default.
      
      Use the File::Spec module for this purpose. It's been part of perl
      5 since 5.005.
      
      The curdir() function is used to get the current directory when the
      objtree and srctree aren't set in the environment.
      
      rel2abs() is used to convert possibly relative objtree and srctree
      environment variables to absolute paths.
      
      Finally, the catfile() function is used instead of string appending
      paths together, since this is more robust when joining paths together.
      Signed-off-by: default avatarJacob Keller <jacob.e.keller@intel.com>
      Acked-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Tested-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      82fdd12b
    • Masahiro Yamada's avatar
      video/logo: do not generate unneeded logo C files · 01bb2515
      Masahiro Yamada authored
      Currently, all the logo C files are generated irrespective of the
      CONFIG options. Adding them to extra-y is wrong. What we need to do
      here is to add them to 'targets' so that if_changed works properly.
      
      Files listed in 'targets' are cleaned, so clean-files is unneeded.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      01bb2515
    • Masahiro Yamada's avatar
      video/logo: remove unneeded *.o pattern from clean-files · a9bbe79f
      Masahiro Yamada authored
      The pattern *.o is cleaned up globally by the top Makefile.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      a9bbe79f
    • Masahiro Yamada's avatar
      integrity: remove pointless subdir-$(CONFIG_...) · 7a8beb7a
      Masahiro Yamada authored
      The ima/ and evm/ sub-directories contain built-in objects, so
      obj-$(CONFIG_...) is the correct way to descend into them.
      
      subdir-$(CONFIG_...) is redundant.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      7a8beb7a
    • Masahiro Yamada's avatar
      integrity: remove unneeded, broken attempt to add -fshort-wchar · 6b190d3c
      Masahiro Yamada authored
      I guess commit 15ea0e1e ("efi: Import certificates from UEFI Secure
      Boot") attempted to add -fshort-wchar for building load_uefi.o, but it
      has never worked as intended.
      
      load_uefi.o is created in the platform_certs/ sub-directory. If you
      really want to add -fshort-wchar, the correct code is:
      
        $(obj)/platform_certs/load_uefi.o: KBUILD_CFLAGS += -fshort-wchar
      
      But, you do not need to fix it.
      
      Commit 8c97023c ("Kbuild: use -fshort-wchar globally") had already
      added -fshort-wchar globally. This code was unneeded in the first place.
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      6b190d3c
    • Jakub Kicinski's avatar
      selftests/net: add nettest to .gitignore · ef129d34
      Jakub Kicinski authored
      nettest is missing from gitignore.
      
      Fixes: acda655f ("selftests: Add nettest")
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ef129d34
    • Navid Emamdoost's avatar
      net: qlogic: Fix memory leak in ql_alloc_large_buffers · 1acb8f2a
      Navid Emamdoost authored
      In ql_alloc_large_buffers, a new skb is allocated via netdev_alloc_skb.
      This skb should be released if pci_dma_mapping_error fails.
      
      Fixes: 0f8ab89e ("qla3xxx: Check return code from pci_map_single() in ql_release_to_lrg_buf_free_list(), ql_populate_free_queue(), ql_alloc_large_buffers(), and ql3xxx_send()")
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1acb8f2a
    • Eric Dumazet's avatar
      nfc: fix memory leak in llcp_sock_bind() · a0c2dc1f
      Eric Dumazet authored
      sysbot reported a memory leak after a bind() has failed.
      
      While we are at it, abort the operation if kmemdup() has failed.
      
      BUG: memory leak
      unreferenced object 0xffff888105d83ec0 (size 32):
        comm "syz-executor067", pid 7207, jiffies 4294956228 (age 19.430s)
        hex dump (first 32 bytes):
          00 69 6c 65 20 72 65 61 64 00 6e 65 74 3a 5b 34  .ile read.net:[4
          30 32 36 35 33 33 30 39 37 5d 00 00 00 00 00 00  026533097]......
        backtrace:
          [<0000000036bac473>] kmemleak_alloc_recursive /./include/linux/kmemleak.h:43 [inline]
          [<0000000036bac473>] slab_post_alloc_hook /mm/slab.h:522 [inline]
          [<0000000036bac473>] slab_alloc /mm/slab.c:3319 [inline]
          [<0000000036bac473>] __do_kmalloc /mm/slab.c:3653 [inline]
          [<0000000036bac473>] __kmalloc_track_caller+0x169/0x2d0 /mm/slab.c:3670
          [<000000000cd39d07>] kmemdup+0x27/0x60 /mm/util.c:120
          [<000000008e57e5fc>] kmemdup /./include/linux/string.h:432 [inline]
          [<000000008e57e5fc>] llcp_sock_bind+0x1b3/0x230 /net/nfc/llcp_sock.c:107
          [<000000009cb0b5d3>] __sys_bind+0x11c/0x140 /net/socket.c:1647
          [<00000000492c3bbc>] __do_sys_bind /net/socket.c:1658 [inline]
          [<00000000492c3bbc>] __se_sys_bind /net/socket.c:1656 [inline]
          [<00000000492c3bbc>] __x64_sys_bind+0x1e/0x30 /net/socket.c:1656
          [<0000000008704b2a>] do_syscall_64+0x76/0x1a0 /arch/x86/entry/common.c:296
          [<000000009f4c57a4>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: 30cc4587 ("NFC: Move LLCP code to the NFC top level diirectory")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a0c2dc1f
    • Eric Dumazet's avatar
      sch_dsmark: fix potential NULL deref in dsmark_init() · 474f0813
      Eric Dumazet authored
      Make sure TCA_DSMARK_INDICES was provided by the user.
      
      syzbot reported :
      
      kasan: CONFIG_KASAN_INLINE enabled
      kasan: GPF could be caused by NULL-ptr deref or user memory access
      general protection fault: 0000 [#1] PREEMPT SMP KASAN
      CPU: 1 PID: 8799 Comm: syz-executor235 Not tainted 5.3.0+ #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:nla_get_u16 include/net/netlink.h:1501 [inline]
      RIP: 0010:dsmark_init net/sched/sch_dsmark.c:364 [inline]
      RIP: 0010:dsmark_init+0x193/0x640 net/sched/sch_dsmark.c:339
      Code: 85 db 58 0f 88 7d 03 00 00 e8 e9 1a ac fb 48 8b 9d 70 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 ca
      RSP: 0018:ffff88809426f3b8 EFLAGS: 00010247
      RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff85c6eb09
      RDX: 0000000000000000 RSI: ffffffff85c6eb17 RDI: 0000000000000004
      RBP: ffff88809426f4b0 R08: ffff88808c4085c0 R09: ffffed1015d26159
      R10: ffffed1015d26158 R11: ffff8880ae930ac7 R12: ffff8880a7e96940
      R13: dffffc0000000000 R14: ffff88809426f8c0 R15: 0000000000000000
      FS:  0000000001292880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000020000080 CR3: 000000008ca1b000 CR4: 00000000001406e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       qdisc_create+0x4ee/0x1210 net/sched/sch_api.c:1237
       tc_modify_qdisc+0x524/0x1c50 net/sched/sch_api.c:1653
       rtnetlink_rcv_msg+0x463/0xb00 net/core/rtnetlink.c:5223
       netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
       rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
       netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
       netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
       netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
       sock_sendmsg_nosec net/socket.c:637 [inline]
       sock_sendmsg+0xd7/0x130 net/socket.c:657
       ___sys_sendmsg+0x803/0x920 net/socket.c:2311
       __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
       __do_sys_sendmsg net/socket.c:2365 [inline]
       __se_sys_sendmsg net/socket.c:2363 [inline]
       __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
       do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x440369
      
      Fixes: 758cc43c ("[PKT_SCHED]: Fix dsmark to apply changes consistent")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      474f0813
    • David S. Miller's avatar
      Merge branch 'Fix-regression-with-AR8035-speed-downgrade' · e3ba9bf6
      David S. Miller authored
      Russell King says:
      
      ====================
      Fix regression with AR8035 speed downgrade
      
      The following series attempts to address an issue spotted by tinywrkb
      with the AR8035 on the Cubox-i2 in a situation where the PHY downgrades
      the negotiated link.
      
      This is version 2, not much has changed other than rebasing on the
      current net tree.  Changes have happend to patch 2 due to conflicts,
      so I dropped Andrew's reviewed-by.  Minor context changes to patch 4
      which I don't consider important enough to warrant dropping the
      reviewed-by.
      
      Before commit 5502b218 ("net: phy: use phy_resolve_aneg_linkmode in
      genphy_read_status"), we would read not only the link partner's
      advertisement, but also our own advertisement from the PHY registers,
      and use both to derive the PHYs current link mode.  This works when the
      AR8035 downgrades the speed, because it appears that the AR8035 clears
      link mode bits in the advertisement registers as part of the downgrade.
      
      Commentary: what is not yet known is whether the AR8035 restores the
                  advertisement register when the link goes down to the
      	    previous state.
      
      However, since the above referenced commit, we no longer use the PHYs
      advertisement registers, instead converting the link partner's
      advertisement to the ethtool link mode array, and combine that with
      phylib's cached version of our advertisement - which is not updated on
      speed downgrade.
      
      This results in phylib disagreeing with the actual operating mode of
      the PHY.
      
      Commentary: I wonder how many more PHY drivers are broken by this
      	    commit, but have yet to be discovered.
      
      The obvious way to address this would be to disable the downgrade
      feature, and indeed this does fix the problem in tinywrkb's case - his
      link partner instead downgrades the speed by reducing its
      advertisement, resulting in phylib correctly evaluating a slower speed.
      
      However, it has a serious drawback - the gigabit control register (MII
      register 9) appears to become read only.  It seems the only way to
      update the register is to re-enable the downgrade feature, reset the
      PHY, changing register 9, disable the downgrade feature, and reset the
      PHY again.
      
      This series attempts to address the problem using a different approach,
      similar to the approach taken with Marvell PHYs.  The AR8031, AR8033
      and AR8035 have a PHY-Specific Status register which reports the
      actual operating mode of the PHY - both speed and duplex.  This
      register correctly reports the operating mode irrespective of whether
      autoneg is enabled or not.  We use this register to fill in phylib's
      speed and duplex parameters.
      
      In detail:
      
      Patch 1 fixes a bug where writing to register 9 does not update
      phylib's advertisement mask in the same way that writing register 4
      does; this looks like an omission from when gigabit PHY support came
      into being.
      
      Patch 2 seperates the generic phylib code which reads the link partners
      advertisement from the PHY, so that we can re-use this in the Atheros
      PHY driver.
      
      Patch 3 seperates the generic phylib pause mode; phylib provides no
      help for MAC drivers to ascertain the negotiated pause mode, it merely
      copies the link partner's pause mode bits into its own variables.
      
      Commentary: Both the aforementioned Atheros PHYs and Marvell PHYs
                  provide the resolved pause modes in terms of whether
      	    we should transmit pause frames, or whether we should
      	    allow reception of pause frames.  Surely the resolution
      	    of this should be in phylib?
      
      Patch 4 provides the Atheros PHY driver with a private "read_status"
      implementation that fills in phylib's speed and duplex settings
      depending on the PHY-Specific status register.  This ensures that
      phylib and the MAC driver match the operating mode that the PHY has
      decided to use.  Since the register also gives us MDIX status, we
      can trivially fill that status in as well.
      
      Note that, although the bits mentioned in this patch for this register
      match those in th Marvell PHY driver, and it is located at the same
      address, the meaning of other register bits varies between the PHYs.
      Therefore, I do not feel that it would be appropriate to make this some
      kind of generic function.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e3ba9bf6
    • Russell King's avatar
      net: phy: at803x: use operating parameters from PHY-specific status · 06d5f344
      Russell King authored
      Read the PHY-specific status register for the current operating mode
      (speed and duplex) of the PHY.  This register reflects the actual
      mode that the PHY has resolved depending on either the advertisements
      of autoneg is enabled, or the forced mode if autoneg is disabled.
      
      This ensures that phylib's software state always tracks the hardware
      state.
      
      It seems both AR8033 (which uses the AR8031 ID) and AR8035 support
      this status register.  AR8030 is not known at the present time.
      
      This patch depends on "net: phy: extract pause mode" and "net: phy:
      extract link partner advertisement reading".
      Reported-by: default avatartinywrkb <tinywrkb@gmail.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Tested-by: default avatartinywrkb <tinywrkb@gmail.com>
      Fixes: 5502b218 ("net: phy: use phy_resolve_aneg_linkmode in genphy_read_status")
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      06d5f344
    • Russell King's avatar
      net: phy: extract pause mode · 2d880b87
      Russell King authored
      Extract the update of phylib's software pause mode state from
      genphy_read_status(), so that we can re-use this functionality with
      PHYs that have alternative ways to read the negotiation results.
      Tested-by: default avatartinywrkb <tinywrkb@gmail.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d880b87
    • Russell King's avatar
      net: phy: extract link partner advertisement reading · 8d3dc3ac
      Russell King authored
      Move reading the link partner advertisement out of genphy_read_status()
      into its own separate function.  This will allow re-use of this code by
      PHY drivers that are able to read the resolved status from the PHY.
      Tested-by: default avatartinywrkb <tinywrkb@gmail.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8d3dc3ac
    • Russell King's avatar
      net: phy: fix write to mii-ctrl1000 register · 4cf6c57e
      Russell King authored
      When userspace writes to the MII_ADVERTISE register, we update phylib's
      advertising mask and trigger a renegotiation.  However, writing to the
      MII_CTRL1000 register, which contains the gigabit advertisement, does
      neither.  This can lead to phylib's copy of the advertisement becoming
      de-synced with the values in the PHY register set, which can result in
      incorrect negotiation resolution.
      
      Fixes: 5502b218 ("net: phy: use phy_resolve_aneg_linkmode in genphy_read_status")
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4cf6c57e
    • David Ahern's avatar
      ipv6: Handle missing host route in __ipv6_ifa_notify · 2d819d25
      David Ahern authored
      Rajendra reported a kernel panic when a link was taken down:
      
          [ 6870.263084] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a8
          [ 6870.271856] IP: [<ffffffff8efc5764>] __ipv6_ifa_notify+0x154/0x290
      
          <snip>
      
          [ 6870.570501] Call Trace:
          [ 6870.573238] [<ffffffff8efc58c6>] ? ipv6_ifa_notify+0x26/0x40
          [ 6870.579665] [<ffffffff8efc98ec>] ? addrconf_dad_completed+0x4c/0x2c0
          [ 6870.586869] [<ffffffff8efe70c6>] ? ipv6_dev_mc_inc+0x196/0x260
          [ 6870.593491] [<ffffffff8efc9c6a>] ? addrconf_dad_work+0x10a/0x430
          [ 6870.600305] [<ffffffff8f01ade4>] ? __switch_to_asm+0x34/0x70
          [ 6870.606732] [<ffffffff8ea93a7a>] ? process_one_work+0x18a/0x430
          [ 6870.613449] [<ffffffff8ea93d6d>] ? worker_thread+0x4d/0x490
          [ 6870.619778] [<ffffffff8ea93d20>] ? process_one_work+0x430/0x430
          [ 6870.626495] [<ffffffff8ea99dd9>] ? kthread+0xd9/0xf0
          [ 6870.632145] [<ffffffff8f01ade4>] ? __switch_to_asm+0x34/0x70
          [ 6870.638573] [<ffffffff8ea99d00>] ? kthread_park+0x60/0x60
          [ 6870.644707] [<ffffffff8f01ae77>] ? ret_from_fork+0x57/0x70
          [ 6870.650936] Code: 31 c0 31 d2 41 b9 20 00 08 02 b9 09 00 00 0
      
      addrconf_dad_work is kicked to be scheduled when a device is brought
      up. There is a race between addrcond_dad_work getting scheduled and
      taking the rtnl lock and a process taking the link down (under rtnl).
      The latter removes the host route from the inet6_addr as part of
      addrconf_ifdown which is run for NETDEV_DOWN. The former attempts
      to use the host route in __ipv6_ifa_notify. If the down event removes
      the host route due to the race to the rtnl, then the BUG listed above
      occurs.
      
      Since the DAD sequence can not be aborted, add a check for the missing
      host route in __ipv6_ifa_notify. The only way this should happen is due
      to the previously mentioned race. The host route is created when the
      address is added to an interface; it is only removed on a down event
      where the address is kept. Add a warning if the host route is missing
      AND the device is up; this is a situation that should never happen.
      
      Fixes: f1705ec1 ("net: ipv6: Make address flushing on ifdown optional")
      Reported-by: default avatarRajendra Dendukuri <rajendra.dendukuri@broadcom.com>
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d819d25
    • Andrea Merello's avatar
      net: phy: allow for reset line to be tied to a sleepy GPIO controller · ea977d19
      Andrea Merello authored
      mdio_device_reset() makes use of the atomic-pretending API flavor for
      handling the PHY reset GPIO line.
      
      I found no hint that mdio_device_reset() is called from atomic context
      and indeed it uses usleep_range() since long time, so I would assume that
      it is OK to sleep there.
      
      This patch switch to gpiod_set_value_cansleep() in mdio_device_reset().
      This is relevant if e.g. the PHY reset line is tied to a I2C GPIO
      controller.
      
      This has been tested on a ZynqMP board running an upstream 4.19 kernel and
      then hand-ported on current kernel tree.
      Signed-off-by: default avatarAndrea Merello <andrea.merello@gmail.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ea977d19
    • Paolo Abeni's avatar
      net: ipv4: avoid mixed n_redirects and rate_tokens usage · b406472b
      Paolo Abeni authored
      Since commit c09551c6 ("net: ipv4: use a dedicated counter
      for icmp_v4 redirect packets") we use 'n_redirects' to account
      for redirect packets, but we still use 'rate_tokens' to compute
      the redirect packets exponential backoff.
      
      If the device sent to the relevant peer any ICMP error packet
      after sending a redirect, it will also update 'rate_token' according
      to the leaking bucket schema; typically 'rate_token' will raise
      above BITS_PER_LONG and the redirect packets backoff algorithm
      will produce undefined behavior.
      
      Fix the issue using 'n_redirects' to compute the exponential backoff
      in ip_rt_send_redirect().
      
      Note that we still clear rate_tokens after a redirect silence period,
      to avoid changing an established behaviour.
      
      The root cause predates git history; before the mentioned commit in
      the critical scenario, the kernel stopped sending redirects, after
      the mentioned commit the behavior more randomic.
      Reported-by: default avatarXiumei Mu <xmu@redhat.com>
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Fixes: c09551c6 ("net: ipv4: use a dedicated counter for icmp_v4 redirect packets")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Acked-by: default avatarLorenzo Bianconi <lorenzo.bianconi@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b406472b
    • Kai-Heng Feng's avatar
      r8152: Set macpassthru in reset_resume callback · a54cdeeb
      Kai-Heng Feng authored
      r8152 may fail to establish network connection after resume from system
      suspend.
      
      If the USB port connects to r8152 lost its power during system suspend,
      the MAC address was written before is lost. The reason is that The MAC
      address doesn't get written again in its reset_resume callback.
      
      So let's set MAC address again in reset_resume callback. Also remove
      unnecessary lock as no other locking attempt will happen during
      reset_resume.
      Signed-off-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a54cdeeb
  4. 04 Oct, 2019 2 commits